WPA3 protocol released

On 25 July 2018 the Wi-Fi Alliance, an organization founded in 1999 and made up of some of the leading companies in the sector with the goal of driving the adoption of a single worldwide standard for wireless broadband, introduced a certification program for Wi-Fi Protected Access 3 (WPA3) in its WPA3-Personal and WPA3-Enterprise versions; see the news item Wi-Fi Alliance® introduces Wi-Fi CERTIFIED WPA3™ security.

The WPA3 standard had been announced in January 2018 (see the news item Wi-Fi Alliance® introduces security enhancements) with the goal of providing improvements and new security features, including protection against KRACK (Key Reinstallation Attacks), to which the WPA2 protocol is vulnerable; on that, see my post Violato il protocollo WPA2.

In brief, WPA3 introduces the following new features:

The Wi-Fi Alliance has introduced a certification program for two versions of WPA3, WPA3-Personal and WPA3-Enterprise:

  • WPA3-Personal is optimised for smaller networks, such as home networks, and uses Simultaneous Authentication of Equals (SAE), a key-establishment protocol between devices that provides greater resistance to dictionary attacks aimed at compromising the password, strengthening security during the key exchange and protecting data traffic even if the password is compromised later.
  • WPA3-Enterprise is instead intended for large Wi-Fi deployments and allows 192-bit encryption, following the recommendations of the CNSS (Committee on National Security Systems).

Both WPA3-Personal and WPA3-Enterprise prevent WPA2 devices from connecting to WPA3-only hotspots, since those operate in the mode that requires Protected Management Frames (PMF), which increases protection against eavesdropping on the network's clients.

Also on 25 July 2018, the certification program for Wi-Fi Easy Connect was introduced: a new onboarding protocol for WPA2 and WPA3 networks that lets users add devices that have no configuration interface (for example IoT devices) to a Wi-Fi network by scanning QR codes.

For further details see the following documents:

Below are some implementation details taken from the documents above:

Features common to all WPA3 devices and versions:

“Regardless of the environment or device type, all WPA3™ devices deliver two key benefits:

  • Cryptographic consistency: WPA3 reduces the susceptibility of networks to a successful attack by mandating policies around the use of Advanced Encryption Standard (AES) with legacy protocols, such as Temporal Key Integrity Protocol (TKIP).
  • Network Resiliency: Protected Management Frames (PMF) deliver a level of protection against eavesdropping and forging for robust management frames. The consistent use of these protections improves the resiliency of mission-critical networks.

WiFi Alliance first introduced Protected Management Frames (PMF) as an optional feature of WPA2 in 2012 and later mandated the capability for all WiFi CERTIFIED™ ac devices. With the release of WPA3, WiFi Alliance now mandates the use of Protected Management Frames in all WPA3 modes, providing protection for unicast and multicast robust management frames to include Action, Disassociate, and Deauthenticate frames.”

Details of the WPA3-Personal features:

“WPA3-Personal replaces Pre-Shared Key (PSK) with Simultaneous Authentication of Equals (SAE), delivering more robust password-based authentication. WPA3-Personal uses passwords for authentication by proving knowledge of the password and not for key derivation, providing users with stronger security protections such as:

  • Offline dictionary attack resistance: It is not possible for an adversary to passively observe a WPA3-Personal exchange or actively engage in a single WPA3-Personal exchange and then try all possible passwords without further interaction with the network to determine the correct password. The only method for determining the network password is through repeated active attacks in which the adversary gets only one guess at the password per attack.
  • Key recovery resistance: Even if an adversary determines the password, it is not possible to passively observe an exchange and determine the session keys, providing forward secrecy of network traffic.
  • Natural password use: Onerous complexity requirements when choosing a password make it difficult to use and are an impediment to delivering desired security protections. Because WPA3-Personal is resistant to offline dictionary attacks, users can choose passwords that are easier to remember and easier to enter while still retaining a high level of security.
  • Simple work flow continuity: WPA3-Personal retains the ease-of-use and system maintenance associated with previous versions of personal WiFi security.”

Transition to WPA3-Personal networks:

“When users begin to adopt WPA3-Personal networks, they can leverage WPA3-Personal Transition Mode, defined as WPA3-SAE Transition Mode in the WiFi Alliance WPA3 Specification. WPA3-Personal Transition Mode allows for gradual migration to a WPA3-Personal network while maintaining interoperability with WPA2-Personal devices and without disruption to users. As more client devices include WPA3-Personal, they will benefit from the new protections provided without noticing since there is no need for additional user configuration.

A WPA3-Personal access point (AP) in transition mode enables WPA2-Personal and WPA3-Personal simultaneously on a single basic service set (BSS) to support client devices using a mix of WPA2-Personal and WPA3-Personal with the same passphrase. Client devices that support both WPA2-Personal and WPA3-Personal connect using the higher-security method of WPA3-Personal when available. To ensure interoperability with legacy devices that do not support PMF, WPA3-Personal Transition Mode configures the network as PMF capable (Management Frame Protection Capable bit = 1 and Management Frame Protection Required bit = 0), rather than PMF required.

The full benefits of WPA3-Personal are only available when not operating in WPA3-Personal Transition Mode. Once WPA3-Personal availability reaches a sufficient level amongst client devices, network owners should disable WPA3-Personal Transition Mode.”

Details of the WPA3-Enterprise features:

“For sensitive security environments, WPA3-Enterprise offers an optional 192-bit security mode that specifies the configuration of each cryptographic component such that the overall security of the network is consistent. This not only delivers the desired security level but also makes provisioning easier. The approach is based on the concept that cryptographic primitives have a work factor necessary for successful attack, and an attacker will target the weakest component in a system.

To achieve a consistent level of system security it is necessary to ensure that the work factor for each cryptographic primitive meets or exceeds a selected level. For example, it does no good to derive a 256-bit AES key from a shared secret resulting from a Diffie-Hellman group with a work factor of 2^80. Much like links in a chain, the overall security of the system is that of its weakest component.

The WPA3-Enterprise 192-bit security mode uses 256-bit Galois/Counter Mode Protocol (GCMP), widely written as GCMP-256, to provide authenticated encryption, 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384) for key derivation and key confirmation, and Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) using a 384-bit elliptic curve for key establishment and authentication. While GCMP-192 would deliver the appropriate equivalent strength, GCMP-256 was selected based on its broader adoption. Misuse resistance is an important component of this new security mode, and Wi-Fi CERTIFIED™ devices do not allow configuration in a way that results in security less than the selected level.”

Transition to WPA3-Enterprise networks:

“There is no need for a WPA3-Enterprise transition mode because WPA3-Enterprise does not fundamentally change or replace the protocols defined in WPA2-Enterprise. WPA2-Enterprise client devices will continue to interoperate with WPA3-Enterprise networks. A key consideration for network administrators is when to require PMF for all client device connections. While WiFi Alliance has mandated PMF support in all WiFi CERTIFIED ac devices since 2014, some networks must support legacy clients without PMF capabilities.

A WPA3-Enterprise AP may offer two PMF configuration options for a WPA3-Enterprise network: PMF capable (Management Frame Protection Capable bit = 1 and Management Frame Protection Required bit = 0) and PMF required (Management Frame Protection Capable bit = 1 and Management Frame Protection Required bit = 1). Disabling PMF for a WPA3-Enterprise network is not an option. When configured as PMF capable, WPA2-Enterprise client devices will negotiate PMF and WPA3-Enterprise client devices must use PMF. This configuration delivers interoperability with devices that do not support PMF. When configured as PMF required, WPA2-Enterprise and WPA3-Enterprise client devices must use PMF.

By design, WPA3-Enterprise 192-bit security mode does not allow configuration in a way that would degrade security protections below the defined level. A network configured for 192-bit security requires all client devices to also operate in 192-bit security mode.”

Implementation details of Wi-Fi Protected Access 3-SAE (WPA3-SAE)

“WPA3-SAE applies to personal network settings.


Modes of operation

  • WPA3-SAE Mode

    • When a BSS is configured in WPA3-SAE Mode, PMF shall be set to required (MFPR bit in the RSN Capabilities field shall be set to 1 in the RSNE transmitted by the AP)
    • A WPA3-SAE STA shall negotiate PMF when associating to an AP using WPA3-SAE Mode
  • WPA3-SAE Transition Mode
    • When WPA2-PSK and WPA3-SAE are configured on the same BSS (mixed mode), PMF shall be set to capable (MFPC bit shall be set to 1, and MFPR bit shall be set to 0 in the RSN Capabilities field in the RSNE transmitted by the AP)
    • When WPA2-PSK and WPA3-SAE are configured on the same BSS (mixed mode), the AP shall reject an association for SAE if PMF is not negotiated for that association
    • A WPA3-SAE STA shall negotiate PMF when associating to an AP using WPA3-SAE Transition Mode”
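As an added example (not code from the Wi-Fi Alliance documents quoted above), the following Python builds a constructed RSNE as an AP would advertise it in its beacon and checks the MFPC/MFPR bits against the WPA3-SAE Mode and WPA3-SAE Transition Mode rules just listed. The RSNE layout, the RSN Capabilities bit positions (MFPR = bit 6, MFPC = bit 7) and the AKM suite type values (PSK = 2, SAE = 8) are taken from IEEE 802.11; the element bytes themselves are constructed for the example.

```python
"""Check the PMF bits an AP advertises in its RSNE against the WPA3-SAE rules."""
import struct

OUI = b"\x00\x0f\xac"                  # IEEE 802.11 suite selector OUI
AKM_PSK, AKM_SAE = 2, 8                # AKM suite types: WPA2-PSK and WPA3-SAE
CIPHER_CCMP128 = 4                     # pairwise/group cipher used in the samples
MFPR_BIT, MFPC_BIT = 1 << 6, 1 << 7    # RSN Capabilities: Required / Capable


def build_rsne(akms, mfpc, mfpr, cipher=CIPHER_CCMP128):
    """Constructed RSNE (element ID 48): one cipher suite plus the given AKM list."""
    body = struct.pack("<H", 1)                           # RSN version 1
    body += OUI + bytes([cipher])                         # group cipher suite
    body += struct.pack("<H", 1) + OUI + bytes([cipher])  # one pairwise suite
    body += struct.pack("<H", len(akms))
    for akm in akms:
        body += OUI + bytes([akm])
    caps = (MFPC_BIT if mfpc else 0) | (MFPR_BIT if mfpr else 0)
    body += struct.pack("<H", caps)                       # RSN Capabilities
    return bytes([48, len(body)]) + body


def parse_rsne(elem):
    """Return (AKM suite types, MFPC, MFPR) parsed from a raw RSNE."""
    if elem[0] != 48 or elem[1] != len(elem) - 2:
        raise ValueError("not a well-formed RSNE")
    off = 2 + 2 + 4                                       # skip version, group cipher
    n_pair, = struct.unpack_from("<H", elem, off)
    off += 2 + 4 * n_pair                                 # skip pairwise suite list
    n_akm, = struct.unpack_from("<H", elem, off)
    off += 2
    akms = [elem[off + 4 * i + 3] for i in range(n_akm)
            if elem[off + 4 * i: off + 4 * i + 3] == OUI]
    off += 4 * n_akm
    caps, = struct.unpack_from("<H", elem, off)
    return akms, bool(caps & MFPC_BIT), bool(caps & MFPR_BIT)


def check_wpa3_sae_pmf(elem):
    """Classify the BSS and say whether its PMF bits match the WPA3 specification text."""
    akms, mfpc, mfpr = parse_rsne(elem)
    if AKM_SAE in akms and AKM_PSK in akms:               # WPA2-PSK + WPA3-SAE on one BSS
        return "WPA3-SAE Transition Mode", mfpc and not mfpr
    if AKM_SAE in akms:                                   # SAE only: PMF must be required
        return "WPA3-SAE Mode", mfpc and mfpr
    return "not WPA3-SAE", False
```

An audit script can feed this function the RSNE captured from each AP's beacon and flag any SAE-only BSS that still advertises PMF as merely capable.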

Implementation details of WPA3-Enterprise 192-bit Mode

“WPA3-Enterprise 192-bit Mode may be deployed in sensitive enterprise environments to further protect Wi-Fi networks with higher security requirements such as government, defense, and industrial.


WPA3-Enterprise 192-bit Mode requirements

  1. When WPA3-Enterprise 192-bit Mode is used by an AP, PMF shall be set to required (MFPR bit in the RSN Capabilities field shall be set to 1 in the RSNE transmitted by the AP).
  2. When WPA3-Enterprise 192-bit Mode is used by a STA, PMF shall be set to required (MFPR bit in the RSN Capabilities field shall be set to 1 in the RSNE transmitted by the STA).
  3. Permitted EAP cipher suites for use with WPA3-Enterprise 192-bit Mode are:
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      • ECDHE and ECDSA using the 384-bit prime modulus curve P-384
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      • ECDHE using the 384-bit prime modulus curve P-384
      • RSA ≥ 3072-bit modulus
    • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
      • RSA ≥ 3072-bit modulus
      • DHE ≥ 3072-bit modulus”
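An added example, not part of the quoted specification: a small Python checker that takes the TLS parameters recorded for an EAP session (the suite name, curve name and RSA/DHE modulus sizes are assumed to be available from the authentication server's logs) and tests them against the three permitted suites and the key-size rules listed above, so that a session negotiated with a weaker curve or modulus is reported.

```python
"""Check EAP-TLS session parameters against the WPA3-Enterprise 192-bit Mode rules."""

# Permitted suites and the key-size rule each one carries (from the requirements above)
PERMITTED = {
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": {"curve": "P-384"},
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": {"curve": "P-384", "rsa_min": 3072},
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": {"rsa_min": 3072, "dhe_min": 3072},
}


def check_192bit_tls(suite, curve=None, rsa_bits=None, dhe_bits=None):
    """Return (ok, reason) for one negotiated EAP-TLS parameter set."""
    rule = PERMITTED.get(suite)
    if rule is None:
        return False, f"{suite} is not a permitted 192-bit Mode suite"
    if "curve" in rule and curve != rule["curve"]:
        return False, f"ECDHE/ECDSA must use {rule['curve']}, got {curve}"
    if "rsa_min" in rule and (rsa_bits is None or rsa_bits < rule["rsa_min"]):
        return False, f"RSA modulus must be >= {rule['rsa_min']} bits, got {rsa_bits}"
    if "dhe_min" in rule and (dhe_bits is None or dhe_bits < rule["dhe_min"]):
        return False, f"DHE modulus must be >= {rule['dhe_min']} bits, got {dhe_bits}"
    return True, "compliant"


def audit(sessions):
    """Return the ids of sessions that fall below the 192-bit Mode level, with reasons."""
    findings = []
    for session_id, params in sessions.items():
        ok, reason = check_192bit_tls(**params)
        if not ok:
            findings.append((session_id, reason))
    return findings


# Constructed sample sessions (not real log data), as an auditor might export them
SAMPLE_SESSIONS = {
    "s1": {"suite": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "curve": "P-384"},
    "s2": {"suite": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "curve": "P-256"},
    "s3": {"suite": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "curve": "P-384",
           "rsa_bits": 2048},
    "s4": {"suite": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "rsa_bits": 4096,
           "dhe_bits": 3072},
}

if __name__ == "__main__":
    for session_id, reason in audit(SAMPLE_SESSIONS):
        print(f"{session_id}: {reason}")
```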

As for whether existing access points will be able to support WPA3, we will have to wait for announcements from the vendors; below is what CISCO has communicated (source: Greater Wi-Fi Adoption brings the need of higher security):

“Meanwhile please stay tuned for an upcoming announcement that will highlight how to integrate WPA3 features into our Aironet Access Points and Wireless Controllers via a firmware upgrade so that our existing and new customers can take advantage of these new capabilities.”